Saschas Backtrace: Interview with Petko D. Petkov on Netsecurify

Petko D. Petkov is one of the founding-members of the Gnucitizen-hacker-network. They work inbetween internet, computers and security and always have very interesting projects going on, for example the “House of Hackers” a social-network for hackers and security experts. The Gnucitizen define themself as “a leading information security think tank, delivering solutions to local, national and international clients“.

Thier latest project is Netsecurify, an automated, webbased, remote testing tool, that enables security-testings of applications. One of the primary goal of the projects is not only to have a pioneering sort-of feeling, but foremost to support low-profit or non-profit organisations to have a robust and stable security-testing tools for free. They think of organisations, that otherwise would not be able to affort security experts and testing. We had a short interview with Petko D. Petkov on Netsecurify, their motivation, software design and overall goals.

What does the tool Netsecurify exactly do?

Netsecurify is a remote, automated, vulnerability assessment tool. The tool follows the SaaS (Software as a Service) model, i.e. it is a service which runs from Amazon’s scalable computing infrastructure. In it’s core, the tool performs several assessments, all based on open source technologies, and also provides recommendations through a flexible recommendation engine. The tool also allows 3rd-party organizations to enhance the reports.

Netsecurify is very simple to use. All the user has to do is to login and schedule a test for a particular network range. Once we approach the specified scheduled data, we run the test. When the test is done, the user is notified via email or by other means which we are working on at the moment. The user then logs in and downloads a copy of the report. For security reasons, the report is destroyed 30 days after it has been completed.

What was your motivation for starting the project?

The primarily motivation for starting this project is to provide free, quality, flexible, automated information security testing tool which can be employed by charity organizations, 3rd world countries, and in general, organizations and companies who cannot afford to spend money on security. Also, a huge motivational factor is the fact that no one has done a project like this. We are the first to do it. 🙂 This is pretty cool.

Who are the people behind the project and how is the project organized (agency, virtual, decentralized)?

Technically speaking, the people behind Netsecurify are GNUCITIZEN. However, we welcome anyone who is interested to join us and help us improve it. Because the testing engine is based on open source technologies which we have glued together and we are continually enhancing, we are planning to contribute back to the community everything that we do and as such close the circle of energy. In theory, this makes the entire security community part of the Netsecurify project.

What is the basic design concept and how do you think will the project develop and evolve?

We have a scalable backend and very easy to use and flexible frontend. In between we have several APIs which allow us to expand the service as we go. The tool hasn’t been just built from scratch. There was a lot of thought and design considerations put into this project before the actual code. We follow the KISS (Keep it Simple Stupid) principle. We find that this approach works quite well for us. In the future we are planning to continue simplifying and enhancing the product.

Do you have other projects planned, that will be coming at us in the future?